adts_decode_extradata in libavformat/adtsenc.c in FFmpeg 4.4 does not check the init_get_bits return value, which is a necessary step because the second argument to init_get_bits can be crafted.
References
Link | Resource |
---|---|
https://github.com/FFmpeg/FFmpeg/commit/9ffa49496d1aae4cbbb387aac28a9e061a6ab0a6 | Patch Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2021/11/msg00012.html | Mailing List Third Party Advisory |
https://patchwork.ffmpeg.org/project/ffmpeg/patch/AS8P193MB12542A86E22F8207EC971930B6F19%40AS8P193MB1254.EURP193.PROD.OUTLOOK.COM/ | |
https://security.gentoo.org/glsa/202312-14 | |
https://www.debian.org/security/2021/dsa-4990 | Third Party Advisory |
https://www.debian.org/security/2021/dsa-4998 | Third Party Advisory |
Configurations
History
23 Dec 2023, 12:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
07 Nov 2023, 03:37
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2021-08-21 17:15
Updated : 2024-02-28 18:28
NVD link : CVE-2021-38171
Mitre link : CVE-2021-38171
CVE.ORG link : CVE-2021-38171
JSON object : View
Products Affected
ffmpeg
- ffmpeg
debian
- debian_linux
CWE
CWE-252
Unchecked Return Value